Javascipt nur mit wenigen non alphanummerischen Zeichen coden
Browser based tool for website XSS testing
Browser based tool for website XSS testing
Viele Wege führen an einer Blacklist vorbei. Unterschiedliche Darstellungsformen für JavaScript
Most interestingly, however, Facebook allows you to do this by executing your code on *.facebook.com. What this means is your code has privileges to do whatever any of Facebook's code can do -- if you can make it happen...
Link to a PDF taking about which JS Frameworks help against JS hijacking and how JS hijacking works
Yet another JS portscanner
Yet another JS portscanner